package com.hbnu.mysql;

import java.sql.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Scanner;


//数据库和防止注入
public class Demotest {
    public static void main(String[] args) {
        Map<String,String> userInfo = loginUI();        //login UI模拟前端页面

        boolean result = VerifyUserInfo(userInfo);

        System.out.println(result ? "right" : "error");
    }

    private static boolean VerifyUserInfo(Map<String, String> userInfo) {
        boolean flag = false;   //用户信息校验结果

        // 从集合中取出用户信息
        String username = userInfo.get("username");
        String password = userInfo.get("password");

        //数据库校验用户信息
        Connection connection = null;
//        Statement statement = null;
        PreparedStatement preparedStatement = null;     //预编译数据库操作对象
        ResultSet resultSet = null;

        //注册驱动
        try {
            //注册驱动
            Class.forName("com.mysql.cj.jdbc.Driver");


            //获取数据库连接
            String url = "jdbc:mysql://localhost:3306/class2211?serverTimezone=UTC&useSSL=false&characterEncoding=utf-8";
            String user = "root";
            String pwd = "12123";
            connection = DriverManager.getConnection(url,user,pwd);

            //获取数据库操作对象
//            statement = connection.createStatement();

            String sql = "select * from users where username = ? and password = ?";
            preparedStatement = connection.prepareStatement(sql);



            //执行SQL
//            String sql = "select * from users where username = '"+username+"' and password = '"+password+"'";           //sql语句记得检查库名是否相同
//            resultSet = statement.executeQuery(sql);
            preparedStatement.setString(1,username);
            preparedStatement.setString(2,password);
            resultSet = preparedStatement.executeQuery();           //这里已经预编译了，就不需要再传入参数了


            while(resultSet.next()){
                flag = true;
                break;
            }

        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        finally {
            if (resultSet != null){
                try {
                    resultSet.close();
                } catch (SQLException e) {
                    throw new RuntimeException(e);
                }
            }
            if (preparedStatement != null){
                try {
                    preparedStatement.close();
                } catch (SQLException e) {
                    throw new RuntimeException(e);
                }
            }
            if (connection != null){
                try {
                    connection.close();
                } catch (SQLException e) {
                    throw new RuntimeException(e);
                }
            }
        }

        return flag;
    }


    private static Map<String,String> loginUI() {
        Map<String,String> userInfo = new HashMap<>();
        Scanner input = new Scanner(System.in);

        System.out.println("输入账号");
        String username = input.nextLine();
        System.out.println("请输入密码");
        String password = input.nextLine();

        userInfo.put("username",username);
        userInfo.put("password",password);

        return userInfo;                    //这句不知道对不对
    }
}
